Re: SUID shell scripts, questions?

Quentin Fennessy (Quentin.Fennessy@SEMATECH.Org)
Fri, 10 Feb 1995 21:27:27 -0600

Adam, you wrote:
> 	setuid scripts are insecure because the interpreter (the
> shell) is not designed to be secure.  Trying to patch it to make it
> secure is the wrong answer.  The right answer is to build little
> setuid tools that do exactly and only what you need, such as the
> port20 tool mentioned in Cheswick & Bellovin.

Adam- I wonder if you would expand on this.  I thought the basic 
problem with the idea of suid #!/bin/interpreter scripts is the
race condition just described.   What other basic problems exist
with suid #! scripts that are unique to these scripts?

My counter to your statement:  Once the race condition is fixed
then secure suid shell programming is no more a problem than is
writing secure suid programs in C or perl or any other language.
The issues that arise seem to come from not understanding the 
environment - things like IFS or the LD* variables or relative
paths, etc.

Quentin
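[Added example, not part of Quentin's or Adam's post: a small C wrapper of the "little setuid tool" kind that sanitises the environment before running a fixed program, so that IFS, LD* and PATH cannot be supplied by the caller. The target path `/usr/local/libexec/example-tool`, the allowlist and the helper names are assumptions made for this example; the environment used in the test is constructed.]

```c
/* Environment-sanitising wrapper for a setuid helper.
 * The policy is an allowlist: every inherited variable is dropped unless
 * it is explicitly permitted, and PATH and IFS are always replaced by fixed
 * values.  The target path below is an assumption for this example. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define TARGET_PROGRAM "/usr/local/libexec/example-tool"  /* assumed */

extern char **environ;

static int has_prefix(const char *entry, const char *prefix)
{
    return strncmp(entry, prefix, strlen(prefix)) == 0;
}

/* Variables that alter the dynamic loader or a shell interpreter and must
 * never reach a privileged program from an untrusted caller. */
int is_dangerous_var(const char *entry)
{
    static const char *const prefixes[] = {
        "LD_", "IFS=", "ENV=", "BASH_ENV=", "PATH=", "SHELLOPTS=", NULL
    };
    for (int i = 0; prefixes[i]; i++)
        if (has_prefix(entry, prefixes[i]))
            return 1;
    return 0;
}

/* Variables the wrapper is willing to pass through unchanged (assumed set). */
int is_allowed_var(const char *entry)
{
    static const char *const allow[] = { "TERM=", "LANG=", "HOME=", NULL };
    for (int i = 0; allow[i]; i++)
        if (has_prefix(entry, allow[i]))
            return 1;
    return 0;
}

/* Build a fresh environment: fixed PATH and IFS first, then only the
 * allowed entries from 'inherited'.  Returns a NULL-terminated array of
 * malloc'd strings (NULL on allocation failure); 'count' receives the
 * number of entries.  The dangerous-prefix check is a second line of
 * defence in case the allowlist is later widened carelessly. */
char **build_safe_env(char *const inherited[], size_t *count)
{
    size_t n = 0;
    while (inherited[n])
        n++;
    char **out = calloc(n + 3, sizeof(char *));
    if (!out)
        return NULL;
    size_t k = 0;
    out[k++] = strdup("PATH=/usr/bin:/bin");
    out[k++] = strdup("IFS= \t\n");
    for (size_t i = 0; i < n; i++) {
        if (is_allowed_var(inherited[i]) && !is_dangerous_var(inherited[i]))
            out[k++] = strdup(inherited[i]);
    }
    out[k] = NULL;
    if (count)
        *count = k;
    return out;
}

void free_env(char **env)
{
    if (!env)
        return;
    for (size_t i = 0; env[i]; i++)
        free(env[i]);
    free(env);
}

int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;  /* caller-supplied arguments are deliberately not forwarded */
    size_t n = 0;
    char **env = build_safe_env(environ, &n);
    if (!env) {
        perror("calloc");
        return 1;
    }
    /* Fixed argv and absolute path: nothing from the caller reaches the tool. */
    char *const args[] = { TARGET_PROGRAM, NULL };
    execve(TARGET_PROGRAM, args, env);
    perror("execve");  /* only reached if the exec failed */
    free_env(env);
    return 1;
}
```

The wrapper does the environment work in C and leaves the target program to do one job with a known PATH, a known IFS and no loader variables; that is the division of labour Adam's "little setuid tools" suggestion implies, and it is exactly the part a #! script cannot do for itself, because the interpreter has already started under the caller's environment by the time the script's first line runs.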